Abstract
The development of smartphones and social networks has brought great convenience to our lives. Because of growing user privacy requirements, user data are protected by encryption protocols. Nevertheless, encrypted traffic may still be identified by a third party. To improve the privacy protection of users, it is necessary to study existing systems that identify user behavior from encrypted traffic. Existing user behavior identification relies on statistical features of encrypted traffic, which fluctuate greatly across transmission environments. In this paper, we propose a Stable Features Identification Method (SFIM), which concentrates on extracting the stable features from the encrypted traffic to identify user behavior. Based on the principle of maximum entropy, we put forward an approach to divide the distribution ranges of these stable features and map the feature space into a vector space. Our research focuses on multiple user behaviors in the Instagram application. The best evaluation results achieve, on average, 99.8% accuracy, 99.3% precision, 99.3% recall, and a 0.09% false positive rate (FPR).
Acknowledgments
The research work leading to this paper is supported by the National Key Research and Development Program of China under Grant No. (2020YFB1807503, 2020YFB1807500), and Key Laboratory of Computer Network and Information Integration of Ministry of Education (Southeast University).
Cite this article
Wu, H., Wu, Q., Cheng, G. et al. SFIM: Identify user behavior based on stable features. Peer-to-Peer Netw. Appl. 14, 3674–3687 (2021). https://doi.org/10.1007/s12083-021-01214-2
DOI: https://doi.org/10.1007/s12083-021-01214-2